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(54) TiUe: USER AUTHENTICATION METHOD AND APPARATUS 
(57) Abstract 



Authorization for a user to use 
a service is provided by a modified 
pager which calculates a unique re- 
sponse code to a transmitted chal- 
lenge code based on the challenge 
code, an input personal identification 
number, and an internal key. The re- 
sponse code is input to a simple ter- 
minal, such as a telephone and if the 
unique response code is acceptable, 
the user may access the desired ser- 
vice, such as cashless transactions or 
long distance phone service. 
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USER AUTHENTICATION METHOD AND APPARATUS 

BACKGROUND OF THE INVENTION 

1) Field of l^he Invention 

The present invention involves a method and an apparatus 
5 for authentication of a user attempting to access an electro- 
nic setrvice, and, in particular, providing an authentication 
unit which is separate from preexisting systems. 

2) Description of Related Art 

Effective authentication methods and apparatuses have 

10 been in great demand to prevent fraud and theft of services. 
This demand increases with the explosion of electronic 
services in the current information age. Electronic services 
such as banking services, credit card services, automatic 
teller machine (ATM) services, account information services 

15 such as mortgage, savings and investment accounts, general 
information services such as data base services and networks, 
security services and long distance phone services all require 
that a user be accurately identified for purposes of security, 
proper billing and avoidance of fraud. Recently, fraud in the 

20 cellular mobile telephone industry has placed so great a 
demand on effective authentication methods that a protocol has 
been standardized for cellular mobile systems. See, GSM 
03.20, European Telecommxinications Standards Institute 
(ETSI) , 1993, pp. 19-29 and U.S. Patent No. 5,282,250, herein 

25 incorporated by reference. 

However, conventional authentication systems have 
required specially equipped terminals with card readers such 
as ATMs or credit card gas station terminals, data terminals 
using a log-in procedure, or cellular mobile radio stations 

30 with built-in authentication capabilities. Credit cards 
having a magnetic strip provide only minimal security insomuch 
as the bearer of the card is usually permitted to conduct 
transactions without further authentication of the user's 
identification other than perhaps comparing a unauthenticated 
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signature on the card to a signature of the user. Even in 
transactions when signatures are required, the certainty of 
the user's identification is minimal* 

Other identity cards, such as ATM cards, require a log-on 
5 procedure with a password, or PIN- But the PIN, once learned 
by an unauthorized user, offers no security in authenticating 
the user if the user can duplicate the ATM card. 

These methods of authentication require specially 
eqpaipped, and often dedicated, terminals, which raises the 

10 cost and reduces the availability of the associated electronic 
service. In other words, the prior art security systems often 
require a dedicated or customized terminal or modification to 
existing terminals, which greatly restricts the use of 
security systems to specific sites. Also, a user may use 

15 several electronic services, each service requiring an 
authentication procedure and/or personal identification 
number (PIN) or password, each procedure or password different 
from the others. As a subscriber to several electronic 
services, a user might end up with numerous passwords to 

20 remember. Even worse, he or she may be required to change 
-these passwords periodically, thus having to remember if a 
password is still valid or not. 

Also, transactions requiring relatively certain authen- 
tication have been largely unavailable from relatively simple 

25 terminals like telephones. For instance, home banking by 
telephone has been limited to transactions involving the bank 
customer's own accounts or using only the customer's own 
telephone. 

SUMMARY OF THE INVENTION 
30 The present invention overcomes these and other problems 

by providing an authentication procedure wherein the user 
carries a personal unit not limited to use with or physically 
connected to a terminal of any one specific electronic 
service. The personal unit can be used to authenticate a 
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user's identity through a variety of terminals associated with 
a variety of electronic services. 

The personal unit includes a receiver for receiving a 
transmitted challenge code and an algorithm unit which 
5 processes the challenge code, a user input such as a personal 
identification number (PIN) or electronically recognizable 
signature, and an internally stored security key for cal- 
culating a response code according to a pre-stored algorithm. 
The response code is then sent to the service node and, if it 
10 is acceptable, access to the service is authorized. 

The basic method involves receiving a challenge code from 
a system, the user inputting a personal identification number 
or other recognizable input, and the personal unit generating 
a response code based on an internally stored algorithm. The 
15 PIN or other user input may be changed from time to time, and 
the challenge code and the response is unique for each 
transaction. The personal \init may receive and store a 
plurality of challenge codes for later use. 

The personal unit can be used with virtually any existing 

2 0 terminal of an electronic service without requiring the 

terminal to be modified or customized. For instance, the 
personal unit can be used with a standard telephone, whether 
a radio telephone or land-line telephone. The user can input 
the response code displayed on the personal unit through the 

25 telephone keypad or the personal unit can include a DTMF 
transmitter for direct input of the response code into the 
microphone of the telephone. It follows that the keypad of 
any service terminal (e.g., a data terminal connected to a 
service computer) can be used to input the response code. If 

30 some other input device is used in a terminal, such as an 
acoustic input, a inductively coupled input, an optical input, 
radio transmitter (particularly if the terminal is by-passed 
and the response code is transmitted directly to the authen- 
tication center) , etc. , the personal unit can include a 

3 5 compatible output device- In other words, the personal unit 

can be modified or equipped to be compatible with existing or 



o o 
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perspective terminals, rather than having to modify the 
terminals to suit the authentication procedure • 

The same basic authentication procedure can be used for 
all services the user might wish to engage, the procedure 
5 being modifiable to suit any specific requirements of the 
electronic service. The user may have one personal unit for 
all the services he may wish to subscribe to, or several 
personal units, each unit being usable with one or a sxibset of 
services to which the user has subscribed, 

10 BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will now be described with refe- 
rence to the attached drawing figures in which: 

Figure 1 is a schematic diagram of an authentication 
pager system in accordance with the present invention? 
15 Figure lA is a schematic diagram of an authentication 

pager system with reference to specific communications in 
accordance with the present invention; 

Figure 2 is a perspective view of a personal unit in 
accordance with the present invention; and 
20 Figure 3 is a flowchart outlining the authentication 

process in accordance with the present invention o 

DETAIIiED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
Hardware of the Svstem 

Referring to Figure 1, the present invention includes a 

25 personal unit 20 for generating a response code, a terminal 22 
for initiating service access and conducting service, and for 
inputting the response code to a service access network 24 or 
directly to a separate authentication center 30. The service 
access network transmits data between the terminal 22 and a 

30 seirvice node 26. The service node 26 generates a challenge 
code and requests that the challenge code be sent to the 
personal \init 20 via an authentication challenge network 28, 
Alternatively, the separate authentication center 3 0 can 
generate the challenge code upon request by the service node 
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26. The terminal 22 can be a land-line telephone, a radio 
telephone, an ATM, a computer with a modem (modulator/demodu- 
lator) , a facsimile machine, or virtually any other type of 
terminal capable of receiving an input directly or indirectly 
5 from the personal unit and relaying information to a service 
node 26. 

The service node 2 6 may be any form of electronic 
service, such as banking or financial services, credit card 
services, long distance telephone services, information 

10 services, etc. The type of seirvice provided is not germane to 
the present invention- One of the advantages of the personal 
\init of the present invention is that it can be used for 
authenticating the user of any service. 

In an exemplary embodiment, the authentication center 

15 30, whether separate or as part of the service node 26, 
includes a radio transmitter, storage for one or more al- 
gorithms, and a comparator to compare the received response 
code to an expected response code. The authentication center 
3 0 can be realized in the form of additional software added to 

20 a preexisting pager system or other radio communication 
system. The separate authentication center 3 0 enables many 
service nodes or networks to use one authentication center 30. 
This permits changes in the authentication procedure to be 
done at one location for all applications and permits one 

25 authentication procedure to be used for more than one service, 
and perhaps all services to which a user has subscribed. 

The service access network 24 can be in the form of any 
communication system, such as a public or private telephone 
network, telegraph, or other land-line system, cellular radio 

30 telephone network, or other radio commxonication network. The 
form of the service access network 24 can be in any form 
capable of transmitting information from the terminal 22 to 
the service node 26. The service access network 24 in some of 
the examples provided below is in the form of a preexisting 

.3 5 telephone network. 
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The authentication challenge network 28 can be the same 
network as the service access network 24, or preferably a 
distinct and separate network. The authentication challenge 
network 28 can be any communication system, such as a public 
5 or private telephone network, telegraph, or other land-line 
system, cellular radio telephone network, or other radio 
communication network- The authentication challenge network 
28 can be in any form capable of transmitting information from 
the service node 26 (or authentication center 30) to the 

10 personal unit 20. In one embodiment, the authentication 
network is a preexisting wide area pager system capable of 
broadcasting a personal unit identification number and 
additional information, such as at least one challenge code. 
Exiting pager systems which can transmit at least the tele- 

15 phone number the user is being prompted to call have suf- 
ficient capabilities to function with the personal unit 
disclosed herein. Any form of radio communication system can 
provide the optimum security offered by the present invention 
because only a specific receiver properly generate the 

20 expected response when the proper PIN or the like is input. 
However, the user can be required to manually input a chal- 
lenge code provided over an interactive service access network 
24o 

In the exemplary embodiment of Figure 2, the personal 
25 unit 20 includes a receiver unit 21a for receiving the 
challenge code, and an algorithm unit 21b, operatively 
connected to the receiver unit 21a and preferably including an 
input device for receiving a user input, such as a security 
number, e.g., a PIN (Figure 2) . The receiver unit 21a can be 
30 in the form of a pager having a digital display capable of 
displaying a caller's telephone number or the like. The 
personal unit 20 can be essentially a conventional pager which 
is modified to include, for example, a receiver 21b, an input 
keypad 21c and optionally a dual tone multi-frequency (DTMF) 
3 5 generator 2 Id (if automated input of the displayed response 
code is preferred where the terminal 2 2 is connected to some 
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form of audio communicatiions network) . The personal unit 20 
may include a transmitter 2 If in an embodiment where the 
service access network includes an radio uplink, or where the 
response code is directly sent to the authentication center 30 
5 or service node 26. The algorithm unit 21b calculates a 
response code in accordance with the received challenge code, 
an appropriate input security number and optionally a secret 
key (a secret niomber or code provided by the supplier of the 
personal unit) entered into storage in the personal unit at 

10 the time of subscription- Algorithms of this type are known 
in the art or readily derived therefrom. See, GSM 03.20, 
Appendix C.2, algorithm A3, for example. The specific 
algorithm used in a given embodiment is not germane to the 
present invention- A memory 21e is provided to store the 

15 algorithms, the secret key, received challenge codes and 
computer programming as a specific embodiment makes ex- 
pedient- The pager unit may be microprocessor driven, 

This provides a triple check on the identity of the user, 
requiring information from three separate sources (user: PIN, 

2 0 service node or authentication center: challenge code, and 

provider of the personal unit: secret key) , thereby increasing 
the relative security of the transaction against fraud or 
other unauthorized use- 

In a preferred embodiment, the personal unit is a 
25 separate unit, thereby minimizing or avoiding the need to 
customize a communication device such as a cellular telephone. 
The receiver unit, input device, and the capacity for perfor- 
ming the necessary calculations exists in conventional 
cellular telephones and personal communication units, 

3 0 allowing the present invention to be implemented through 

software. 

The challenge code can either be unique to a given 
transaction or broadcast, for example, to all such personal 
units in use at a given time- The response code is to be 
.3 5 unique to each transaction in either scenario. Also, in 
either scenario, the challenge codes should be changed on a 
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periodic or a random basis to provide additional security for 
transactions. Similarly, the user input, such as a PIN, can 
be updated at the user's discretion or on a regular basis. 
Even the algorithm can be changed from time to time, or more 
5 than one algorithm can be stored in the personal unit 20, 
which can be either cyclically used in a predetermined order 
or changed after a predetermined niomber of uses. As long as 
the authentication center 30 can determine what algorithm, 
what secret key (if used) , and what user input should have 
10 been used for a given transaction, the user can be authen- 
ticated. 

The algorithm unit 21b calculates a response code based 
on the received challenge code, the user input (e.g., PIN), 
and optionally the secret key. Thus, for a correct response 
15 code to be generated, the challenge code, the user input and 
the secret key (if used) have to be in accordance with the 
expectations of the service node 26 or authentication center 
3 0 if access to the service is to be granted. The service node 
26 or the authentication center 30 is provided with enough 

2 0 information to be able to anticipate the proper response code. 

Thus, for a transaction to be authorized, the user must know 
the appropriate user input (e.g., PIN), be in possession of 
the corrsct personal unit and receive the appropriate chal- 
lenge code. 

25 A conventional twelve button (0-9, * and #) keypad 21c is 

preferable provided for inputting the user input as shown in 
Figure 2. Alternatively, a reduced or expanded keypad can be 
used with lesser or greater security being afforded thereby. 
A character recognition device which can recognize a signature 

3 0 or other writing can be used for the user input device. Also, 

fingerprint or retinal scanner can be used for added security 
in appropriate situations. 

For example, the challenge code may have 10 decimal 
digits, the secret key has 12 decimal digits, the PIN has 4 
3 5 decimal digits, and the response code has 8 decimal digits. 
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Authentication Process 

A user initiates a service access through terminal 22 by 
transmitting the request over a service access network 24 to 
a service node 26. The service node 2 6 does not immediately 
5 initiate the services offered* Rather, it generates a 
challenge code or causes a challenge code to be generated in 
an authentication center 30 • The challenge code is sent over 
an authentication challenge network 28 to the personal unit. 

When the personal unit 20 receives an authentication 
10 challenge code, it prompts the user to input a PIN or other 
identifying information, and generates a response code by an 
algorithm having the challenge code, an internal security code 
and the PIN as variable. Alternatively, several challenge 
codes can be received and stored in the personal unit, and the 
15 user prompted for the user input when attempting access to an 
electronic service. The user inputs a PIN, for exaunple, via 
a keyboard. However, known character recognition devices can 
be used to recognize a signature, or writing generally, which 
is input on a pad via a stylist. Other possibilities include 
2 0 a finger print or retinal scan devices, though the expense of 
these devices makes a practical embodiment less likely except 
for transactions requiring the highest form of security. 

The internally stored algorithm then generates a 
response code based on the challenge code, the user input, and 

2 5 optionally a secret key. 

The response code is either displayed on a display 20a 
(Fig. 2) for manual input to terminal 22,: or electronically, 
acoustically or optically input to terminal 22 which then 
transparently transmits the response code over the service 
30 access network 24 to the service node 26. Alternatively or 
additionally, the response can be transmitted over the 
authentication network 2 8 to the authentication center 3 0 
which then may send the response to the service node 26, or 
compare the response to the expected response and forward the 

3 5 result to the service node 26. If the response code is 
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acceptable, the service node 26 permits the user to access the 
services offered. The response code is compared to an 
expected response code, which, in exemplary embodiments, may 
be pre-stored or generated using the same algorithm and 
variables. Because the communication links in the authen- 
tication challenge network, and perhaps the service access 
network may suffer from noise (e.g. , radio interference) , some 
tolerance may be given in the result of the comparison. In 
other words, the response code and the expected* response code 
do not have to be exactly the same to gain access to the 
service, particularly when using an analog, rather than a 
digital, transmission format. 

With reference to the flow chart of Figure 3 , an exemp- 
lary authentication process begins at step SIO where a user 
15 initiates communication to a service node 2 6 via the service 
access network 24. This can be as simple as picking up the 
telephone and dialing an appropriate telephone number, which 
may be pre-stored in the personal unit. At step S12, the 
process may include entering a user number or identity, such 
20 as used for a data service. As shown at step S14, the service 
access network 24 transparently communicates an access 
request from the user to the service node 26. The service 
node 26, in response to the access request, requests authen- 
tication via an authentication challenge network 28 by sending 
25 a challenge code (either generated in a separate challenge 
center 30 or in the service node 26) to the user's personal 
unit 20, as shown at step S18. Alternatively, one or more 
challenge codes can be sent to the personal unit in advance. 
The personal unit 20 may display a prompt to prompt the user 
3 0 to input, for example, a security code, such as a PIN, or the 
terminal 22 may provide the prompt. Upon entry of the user 
input, the algorithm unit 21b of the personal unit 20 cal- 
culates and sends a response code either to the display or to 
a dual tone multi-frequency generator, or both. Other output 
3 5 devices can be used, such as radio wave (e.g. , radio transmit- 
ter or transceiver), infrared, visible or ultraviolet 
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generators (e.g - , LED's or semiconductor lasers) , electrical- 
ly inductive couplers (e«g. , induction coils), or forms of 
acoustic devices other than a DTMF generator. 

The user then either manually inputs the displayed 
5 response code to the terminal 22, or the personal unit 20 
directly inputs the response code in the case of a different 
type of output device. For example, when a dual tone multi- 
frequency (DTMF) generator is used with a communication 
system, the user presents generated tones to a microphone of 
10 such a system. 

The service access network 24 transparently transmits 
the response code to the service node 26, which determines 
whether it is acceptable. If the authentication center 3 0 
performs the comparison of the received response code to the 
15 expected response code, the service node 2 6 will transmit the 
response code to the authentication center 30 • Alternatively, 
the personal unit cstn send via radio transmission the response 
directly to the authentication center 3 0 and the authen- 
tication center 30 can inform the service node 2 6 of the 
20 results. If the response code is not acceptable, the user's 
access to the service is denied euid the process returns to 
either initiating the entire process or re-requesting the 
identification information. optionally, the system can 
disable the personal unit if a predetermined number of denied 

2 5 access attempts occur or if the personal unit 20 has been 

reported as stolen. 

If the response code is acceptable, the service is 
accessed and the user can perform the desired, available 
functions through the service node. 

3 0 With reference to Figure lA, the basic procedure is 

examined with reference to specific, numbered communications 
of an exemplary embodiment. 

(1) ENTER US ERID: PTOEXAN. 

(2) Service node receives request for a service from 
3 5 PTOEXAN. This USERID is connected to Patent and 

Trademark Office Examiner Andersson. Service node 
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sends a request for authentication: "Please 
authenticate this user: Examiner Andersson." 

(3) Challenge code is sent to Examiner Andersson 's 
authentication pager. 

5 (4) ENTER PASSWORD, which is sent to the data terminal 

from the service node. 

(5) Examiner Andersson enters PIN number to activate 
calculation of response code in personal unit. 
Response code is shown on the display of the per- 

10 sonal unit, and then manually input to the data 

terminal. Alternatively, the response code can be 
sent via a radio lin3c directly to the authen- 
tication center. 

(6) The response code is sent from the service node to 
15 the authentication center. 

(7) Authentication center compares the received res- 
ponse to the expected response and sends a message 
to the service node informing node authen- 
ticated/not authenticated, 

20 (8) Authentication approved/not approved to the user. 

As a concrete example of the present invention, a home 
banking application will be described. In this application, 
the intention is to transfer money from the owner's account to 
a different account, such as a creditor's account. The user 

25 can pay his bills at home using a telephone and a personal 

unit. In this example, all authentication steps performed by 

the user are manual. The resulting dialogue is as follows: 

User: Initiates a telephone call by cal- 

ling a payment service telephone 
3 0 number of a bank. 

Bank: "Enter your account number." 

User: "4219231459# . " 

Bank: "Please enter the following digits 

into your authentication unit - 1, 
35 2, 3, 2, 8" (challenge code). Al- 

ternatively, if the challenge code 
is broadcast or previously stored 
in the personal unit, then this 
step is skipped. 

40 "Please enter your personal iden- 

tification number." 
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User: 



10 



Bank : 

User: 
Bank: 

User: 
Bank: 



15 



Enters his PIN into the personal 
unit. The personal unit presents a 
challenge response, e.g., 19283746, 
on the personal unit's display. 
The user enters "19283746" on the 
telephone keypad. 

"Enter account number of accoiant to 
receive payment." 

"4313950678#." 

"Account of Ms. Jane Doe, Anytown, 
USA. Enter amount." 

"$500.00. " 

"$500.00 is credited to the account 
of Ms. Jane Doe. Transaction refe- 
rence n\imber 123456." 



User: Hangs up. 

This procedure may be complicated by routines for 
interrupting if an error has occurred, routines for handling 
more than one transaction during a single call, routines for 

2 0 using another home telephone, etc. 

A second exemplary procedure involves charging for long 

distance calls using a special service node (SSN) • In this 

example, the authentication is provided when charging a long 

distance call through a long distance telephone company. 

25 User: The special service node telephone is, 

e.g., with the prefix 900, followed by 
the long distance telephone number to be 
called, e.g., 900 555-1212. 

SSN: "Give ID and challenge response." 

3 0 User: Enters PIN into a personal unit (which 

has received a radio transmitted chal- 
lenge code) and the personal unit pre- 
sents a challenge response on its dis- 
play, e.g., "19283746." A button is then 
35. pressed and the personal unit's speaker 

is held against a microphone of the 
telephone giving an acoustical DTMF 
output to the SSN, e.g., 
"#0859032843#19283746#" which includes 

4 0 a personal identity number and followed 

by a response to the challenge code. 
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SSN: Authenticity of the response code is checked 
and, if acceptable, the connection is provi- 
ded. 

The same personal unit can be used for both the above 
5 transactions. A more automatic transaction can be implemen- 
ted. For instance, the personal unit may include a receiver 
and a DTMF transmitter, in which case, the user merely 
initiates access to a service and at a prompt inputs a user 
input, such as a PIN- 
10 To avoid waiting for the paging system to transmit 

challenges over a wide area paging network, for example, it is 
possible to transmit several (e.g., three) challenge codes 
which are stored in the personal unit 20 until used when a PIN 
is entered to generate a response code. The response code 
15 subsequently generated is not to be used more than once if 
repeating an entry due to error. 

The authentication center 3 0 can determine when to 
provide additional challenge codes to a personal unit via a 
radio signal, because it receives the responses in order to 
20 perform the authentication. Alternatively, if the service 
node 26 receives the responses, the service node 26 requests 
the authentication center 30 to send the next expected 
response to the service node 26, so that the authentication 
center can count the number of generated/used response codes. 
25 As stated previously, an authentication center 30 may be 
combined with a service node 2 6 or may be independently 
located and used by several service nodes. 

The present invention can be implemented for any suitable 
service node 26 using existing networks without significant 
30 costs by setting up appropriate data exchanges between 
existing networks and service nodes. The response code may be 
used for authentication using any terminal in any networks, 
provided the terminal is capable of transmitting data. The 
response code may be sent via the authentication network 28 
35 (e.g., via a radio signal). 

According to one embodiment of the present invention, a 
method for authentication is provided which can be used for 
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all electronic services siibscribed by a user without requiring 



authentication network 30 is connectable to all electronic 
networks or service nodes 26. When a user addresses a 
particular service node 26, requesting a service, the service 
node 2 6 sends a request for authentication to the authen- 
tication center 30. At reception of the request for authen- 
tication of a user, the authentication center 30 generates a 
challenge code which is sent to the user via the service node 
26. The user may then manually input the challenge code and 
a user input, such as a PIN, into his personal unit, to 
receive a response code, shown on the display of the personal 
unit 20. The response may then be manually input to the 
terminal 22 used for accessing the service. An authenticity 
check may then be performed either by the authentication 
center 30 or by the service node 26. 

The challenge code may also be sent to the personal unit 
via radio from the authentication center 30, or sent as DTMF 
tones, for example via a PSTN telephone. The response code 
may also be sent to the authentication center 3 0 via radio or 
sent as DTMF tones, for example via a PSTN telephone. 

This authentication method does not require any changes 
to existing terminals. The method allows the response code to 
be sent to the node performing the authenticity check in a way 
suitiable to the service application. The PIN code used to 
activate the calculation of a response in the personal unit is 
the only "password" or PIN that must be memorized by the user. 

The present invention may, of course, be carried out in 
other specific ways than those set forth herein without 
departing from the spirit and the central characteristics of 
the invention. The present embodiments are, therefore, to be 
considered in all respects as illustrative and not restric- 
tive, and all changes coming within the meaning and the 
equivalency range of the appendant claims are intended to be 
embraced herein. 



numerous passwords to be remembered. To achieve this, the 
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WHAT IS CLAIMED IS ; 

1. A method for authenticating a prospective user of 
an electronic service, the user having a personal unit, said 
method comprising the steps of: 
5 transmitting a challenge code; 

receiving said challenge code in said personal 

unit ; 

generating, in said personal unit, a response code 
based on an algorithm having at least said challenge code and 
10 a user input as variables; 

generating an output code comprising said response 
code suitable for input to a terminal physically located at 
said user's location but separate from said personal unit, 
said terminal being operatively connected to said electronic 
15 service; 

comparing said response code with an expected 

response code; and 

permitting access to said electronic service only 
when a result of said comparison step is acceptable. 

2 0 2. A method according to claim 1, further comprising 

the step of: 

reguesting access to said electronic service before 
said challenge code is received, wherein said challenge code 
is transmitted and received in response to said access 
25 reguest, 

3. A method according to claim 1, further comprising 

the steps of: 

storing one or more received challenge codes in said 

personal unit; and 

3 0 requesting access to said electronic service after 

said challenge code is received and stored, wherein said 
algorithm uses at least one of said stored challenge codes and 
a user input as variables in generating a response code. 
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4. A method according to claim 1, further comprising 
the steps of: 

receiving said user input through a keypad. 

5. A method according to claim 1, further comprising 
the steps of: 

receiving said user input through a handwriting 
recognition device. 

6. A personal xinit comprising: 

a receiver for receiving a challenge code; 

an input means for inputting a user input; 

a response code generating means, opera tively 
connected to said receiver and said input means, for genera- 
ting a response code in accordance with a received challenge 
code and a user input; 

an output means for generating an output code 
suitable for input to a terminal connected to an external 
electronic service, said personal unit being physically 
separate from said terminal and said terminal being at the 
location of the user. 

7. A personal unit according to claim 6, wherein said 
receiver includes a radio wave receiver. 

8. A personal unit according to claim 7, wherein said 
receiver includes conventional pager circuitry. 

9. A personal unit according to claim 6, wherein said 
user input is a personal identification number. 

10. A personal unit according to claim 6, wherein said 
input means includes a keypad. 

11- A personal unit according to claim 6, wherein said 
input means includes a character recognition device. 
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12. A personal unit according to claim S, wherein said 
output means includes a display. 

13. A personal unit according to claim 6, wherein said 
output means includes an acoustic generator. 

14. A personal unit according to claim 13, wherein said 
acoustic generator includes a dual tone multi-frequency 
generator. 

15. A personal unit according to claim 6, wherein said 
output means includes an optical generator. 

16. A personal unit according to claim 15, wherein said 
optical generator includes at least one of a infrared genera- 
tor, a visible light generator, and a ultraviolet light 
generator . 

17. A personal unit according to claim 6, wherein said 
output means includes at least one electrically inductive 
coupler. 

18. A personal unit according to claim 17, wherein said 
at least one electrically inductive coupler includes at least 
one induction coils. 

19. A personal unit according to claim 6, wherein said 
output means includes a radio transmitter. 

20. A personal unit according to claim 6, wherein said 
response code generator means calculates a response code in 
accordance with an algorithm wherein said received challenge 
code, said user input and a secret key stored in said personal 
unit are variables in the algorithm. 



21- A system comprising: 



wo 96/00485 



PCT/SE95/00719 



19 

a personal unit for receiving a challenge code, for 
receiving a user input, and generating a response code 
according to a received challenge code and a user input; 

a terminal opera tively connected to an authen- 
tication center, said terminal being capable of receiving said 
response code and being physically separate from said personal 
unit; and 

a network for sending said challenge code when 
access to a service is attempted, and for receiving said 
response code from said personal unit, said network further 
comprising 

comparing means for comparing said response 
code generated by said personal unit to an expected response 
code and 

permitting means for permitting access to said 
service only when a result of said comparison of said response 
code generated by said personal unit to said expected response 
code is acceptable. 

22 . A system according to claim 21, wherein said network 
comprises: 

a service access network for transmitting a request 
to access a service; 

an authentication challenge network, operatively 
connected to said authentication center, for transmitting 
said challenge code to said personal unit, 
said system further comprising: 

at least one service node for providing a service 
including exchanging service data with a user through said 
service access network and for receiving said request to 
access a service causing the authentication center to generate 
a challenge code in response to said request to access a 
service. 
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23 . A system according to claim 22, wherein said service 
access network further comprises means for transmitting said 
response code to said comparing means, 

24 • A system according to claim 22, wherein said 
authentication challenge network further comprises means for 
transmitting said response code to said comparing means. 

25 • A system according to claim 23, wherein said 
comparing means is located in said authentication center. 

26. A system according to claim 24, wherein said 
comparing means is located in said authentication center. 

27. A system according to claim 23, wherein said 
comparing means is located in said at least one service node. 

28. A system according to claim 24, wherein said 
comparing means is located in said at least one seirvice node. 

29. A system according to claim 21, wherein said 
response code is generated according to an algorithm stored in 
said personal unit. 

30. A system according to claim 22, wherein said service 
access network includes a land-line telephone system* 

31. A system according to claim 22, wherein said service 
node offers one or more services selected from the following 
group of seirvices: banking services, credit card services, 
automatic teller machine services, account information 
services, general information services, security services, 
and long distance telephone services. 
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32. A system according to claim 22, wherein said 
authentication challenge network includes a radio transmit- 
ter • 

33. A system according to claim 22, wherein said 
authentication challenge network includes a cellular tele- 
phone network. 

34. A system according to claim 22, wherein said 
authentication challenge network includes a pager network. 

35. A system according to claim 22, wherein said 
personal unit includes a response code generator means. 

36. A system according to claim 29, wherein said 
response code generator means generates said response code 
according to said received challenge code, said user input and 
a secret key stored in said personal unit. 
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